Solved: Re: IOS Upgrade on Cisco 2900 switches

prakruthi.pallu@gmail.com · ‎04-08-2019

Can we perform Cisco switch IOs upgrade remotely, without FTP/FTP server?

I need to upgrade one of the Cisco switches in remote office and I am not sure if I can do it without using FTP/TFTP server since there is none in my production network. Can we perform Cisco switch iOS upgrade remotely, without FTP/FTP server? Any help would be greatly appreciated.

Thanks in advance :)

Giuseppe Larosa · ‎05-30-2019

Hello ,

>> aaa authentication login aaaCON enable

The method listed is enable for console login authentication.

My understanding is that if you use the enable secret/password you should be able to access the console.

So you don't need to change anything, use the enable secret/password and you should be able to access the console.

Hope to help

Giuseppe

View solution in original post

Leo Laohoo · ‎04-08-2019

prakruthi.pallu@gmail.com wrote:

Can we perform Cisco switch IOs upgrade remotely, without FTP/FTP server?

I need to upgrade one of the Cisco switches in remote office and I am not sure if I can do it without using FTP/TFTP server since there is none in my production network. Can we perform Cisco switch iOS upgrade remotely, without FTP/FTP server? Any help would be greatly appreciated.

Thanks in advance :)

Download TFTPd32/TFTPd64 from HERE and install it into a computer.

Seb Rupik · ‎04-09-2019

Hi there,

You can configure one of your other switches to operate as a TFTP server, although I believe this feature is being phased out due to vulnerabilities.

Make sure you have enough space on your selected switch to hold both its own and the 2900 switch IOS files. Try these instructions:

https://www.cisco.com/c/en/us/support/docs/routers/2500-series-routers/15092-copyimage.html#copying_one_router

cheers,

Seb.

Richard Burts · ‎04-09-2019

Perhaps another way to look at this question is that to upgrade the code being used the important first step is to get the new code into flash on the switch. If the switch is remote then you will need some file transfer software. It might be tftp, or might be ftp, or might be something like scp. If you do not have a computer with file transfer software at the remote site, then either you need to install such software on one of the computers, or you need to plan a trip to the site with your own computer which would need to have that file transfer software.

HTH

Rick

HTH

Rick

prakruthi.pallu@gmail.com · ‎05-30-2019

Now i got everything set up.

I will be performing the iOS upgrade remotely for all the switches and routers. But, as a backup plan I am asking the site contact person to connect to the router/switch CONSOLE port using a laptop so that if something goes wrong during upgrade i can still access it through console. Having said that now I am unable to login through console port since i or anyone else in my team do not have the console password(It was set by previous admin and he no longer works here). I can still access the device through SSH. Is there anyway to get the Console password from running config or can i reset it without taking the device down.

Thanks !

prakruthi.pallu@gmail.com · ‎05-30-2019

Now i got everything set up.

I will be performing the iOS upgrade remotely for all the switches and routers. But, as a backup plan I am asking the site contact person to connect to the router/switch CONSOLE port using a laptop so that if something goes wrong during upgrade i can still access it through console. Having said that now I am unable to login through console port since i or anyone else in my team do not have the console password(It was set by previous admin and he no longer works here). I can still access the device through SSH. Is there anyway to get the Console password from running config or can i reset it without taking the device down.

Thanks !

Giuseppe Larosa · ‎05-30-2019

Hello,

if you have access to configuration of the device you can change the configuration.

A)

if aaa new-model is not configured you just need the following:

line con

password <new-password>

B) if AAA new-model is configured the configuration above may be enough or not.

There is no impact on the device

Hope to help

Giuseppe

prakruthi.pallu@gmail.com · ‎05-30-2019

AAA New Model is configured.

Running Config:

aaa new-model
!
!
aaa group server radius rad_1
server-private 192.168.1.111 auth-port 1812 acct-port 1813 key 7 xxx
!
aaa authentication login aaaVTY group rad_1 local
aaa authentication login aaaCON enable

!

line con 0
session-timeout 30
exec-timeout 30 0
logging synchronous
login authentication aaaCON

--------------

Can i still use this --> line con

password <new-password>

Giuseppe Larosa · ‎05-30-2019

Hello ,

>> aaa authentication login aaaCON enable

The method listed is enable for console login authentication.

My understanding is that if you use the enable secret/password you should be able to access the console.

So you don't need to change anything, use the enable secret/password and you should be able to access the console.

Hope to help

Giuseppe

prakruthi.pallu@gmail.com · ‎05-30-2019

That did work.

Thank You :)